Skip to content

Commit

Permalink
feat: update permissions so the readers can access new tables within …
Browse files Browse the repository at this point in the history 
…the schema
  • Loading branch information
@juanmahidalgo
juanmahidalgo committed Dec 2, 2024
1 parent 1112d14 commit 456f98c
Showing 1 changed file with 11 additions and 5 deletions.
16 changes: 11 additions & 5 deletions indexer.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,13 +34,19 @@ psql -v ON_ERROR_STOP=1 --username "$DB_USER" --dbname "$DB_NAME" --host "$DB_HO
CREATE SCHEMA $NEW_SCHEMA_NAME;
CREATE USER $NEW_DB_USER WITH PASSWORD '$DB_PASSWORD';
GRANT ALL PRIVILEGES ON SCHEMA $NEW_SCHEMA_NAME TO $NEW_DB_USER;
GRANT ALL PRIVILEGES ON SCHEMA $NEW_SCHEMA_NAME TO $SQUID_READER_USER;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA $NEW_SCHEMA_NAME TO $SQUID_READER_USER;
GRANT ALL PRIVILEGES ON SCHEMA $NEW_SCHEMA_NAME TO $API_READER_USER;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA $NEW_SCHEMA_NAME TO $API_READER_USER;
GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $NEW_DB_USER;
ALTER USER $NEW_DB_USER SET search_path TO $NEW_SCHEMA_NAME;
-- Grant schema usage to reader users
GRANT USAGE ON SCHEMA $NEW_SCHEMA_NAME TO $API_READER_USER, $SQUID_READER_USER;
-- Make squid_server_user able to grant permissions on objects in this schema
GRANT $NEW_DB_USER TO $DB_USER;
-- Set default privileges for tables created by NEW_DB_USER
ALTER DEFAULT PRIVILEGES FOR ROLE $NEW_DB_USER IN SCHEMA $NEW_SCHEMA_NAME
GRANT SELECT ON TABLES TO $API_READER_USER, $SQUID_READER_USER;
-- Insert a new record into the indexers table
INSERT INTO public.indexers (service, schema, db_user, created_at)
VALUES ('$SERVICE_NAME', '$NEW_SCHEMA_NAME', '$NEW_DB_USER', NOW());
Expand Down

0 comments on commit 456f98c

Please sign in to comment.